The 125kHz proximity card — unchanged in fundamental technology since the 1990s — can be cloned in under five seconds with a device that costs less than ₹2,500. MIFARE Classic cards, deployed across millions of doors in Indian corporate offices and residential complexes, carry documented cryptographic vulnerabilities that were published in 2008 and have never been patched. The physical access card as the primary enterprise credential is a security anachronism.
Mobile credentials on NFC and BLE change the threat model entirely. The credential lives in the phone's Secure Enclave or Trusted Execution Environment — hardware-isolated from the operating system, encrypted with AES-256, and bound to the specific device's hardware root of trust. It cannot be copied, exported, photographed, or cloned. It can be revoked from the cloud in under 30 seconds, from anywhere, the moment an employee leaves the organisation. And with Bluetooth BLE Twist and Go, it presents itself automatically as the user approaches the reader — without touching the reader, unlocking the phone, or removing anything from a pocket.
Mobile Credential Platform Comparison
| Platform | Protocol | Reader Compatibility | Twist & Go / Hands-Free | Multi-Device | India Available |
|---|---|---|---|---|---|
| HID Mobile Access (Origo) | NFC + BLE 5.x | HID Signo, iCLASS SE | Yes — BLE Twist and Go | Yes (phone + watch) | Yes (HID India) |
| ASSA ABLOY Seos | NFC + BLE | ABLOY Aperio, CLIQ | Yes — BLE Hands-Free | Yes | Yes (distributor) |
| Allegion Engage | BLE + NFC | Schlage BLE readers | Yes — BLE Auto-unlock | Yes | Limited |
| Apple Wallet HomeKey | NFC + UWB | ASSA ABLOY, Allegion, Dormakaba | Yes — UWB Precision | iPhone + Apple Watch | iOS 15+ |
| Samsung Wallet Pass | NFC + BLE | Partner readers | Limited | Phone + Watch | Galaxy S21+ |
| Google Wallet Pass | NFC | NFC readers (standard) | No hands-free | Android 6.0+ | Yes (Android) |
Technical Design: Mobile Credential Architecture
- NFC protocol (ISO/IEC 14443 Type A/B, 13.56 MHz): Operates at up to 10cm range; requires phone near reader; works even with critically low battery on iPhone (Power Reserve NFC); sub-100ms transaction time — identical user gesture to contactless card
- BLE Twist and Go: Wrist rotation gesture detected by phone accelerometer triggers credential broadcast at 3–5m range; user approaches reader, door unlocks before they reach it — no phone interaction required; ideal for hands-full scenarios
- ASSA ABLOY Seos encryption: AES-256 credential storage in Secure Enclave/TEE; ECDH session key per transaction — prevents relay and replay attacks that defeated earlier BLE access systems
- HID Origo cloud platform: Credential provisioning via email invitation; revocation <30 seconds; REST API for HR system integration (Workday, SAP); audit log export for ISO 27001 evidence
- Apple Wallet HomeKey (Matter protocol): iOS 15+ native — no separate vendor app; UWB precise ranging (sub-30cm) for hands-free; credential stored in Secure Enclave; works offline at reader
- OSDP v2 reader-to-panel: HID Signo readers use IEC 60839-11-5 OSDP v2 with AES-128 — encrypted from mobile credential in phone through to access panel; replaces insecure Wiegand for new installations
- India compatibility: Android 6.0+ (NFC + BLE) and iOS 13+ (NFC + BLE) — covers 95%+ of active enterprise smartphones in India; no MDM enrollment required for credential app installation
Passive UWB Credentials: No App, No Tap, No Gesture
Ultra-Wideband (UWB) chip integration in all premium smartphones enables centimetre-accurate indoor positioning that will drive the next generation of access control: completely passive access where the building recognises the authorised person as they walk through a corridor and unlocks the door ahead of them — no tap, no twist, no gesture, no interaction. Combined with continuous ambient authentication (gait + phone position), the single-event door credential will be replaced by a continuous presence-based access model where physical space responds to identity rather than identity responding to physical space.